Pusher Channels mitigates denial-of-service attacks by monitoring for suspicious activity, blocking and rate-limiting at the IP layer, and by working with DDoS protection services (such as AWS Shield).
Pusher Channels uses WebSockets, which are TCP/TLS connections. These TCP/TLS connections do not require authentication. This property is sometimes exploited for "denial of service" attacks on internet services, in which the attacker opens many connections, attempting to deny others access to Pusher Channels or to a specific Pusher Channels app. Pusher's monitoring and rate-limiting architecture mitigates these kinds of attack.